Error on Delta and Full Sync FIMMA to AD MA
Part 1 Hi Everyone I trying to make work the join rules, they are working. But I have an issue. Whe I make changes on HR that is my DS auth the chages go to FIM but they dont go to AD, and when I delete a object from HR the object is deleted from AD and FIM. Also I have 6 ERE for each user on FIM I dont know Why, I add all the info of my FIM configuration below, hopefully you can help me out guys. Cheers When I ran Delta Sync or Full Sync Run profiles I got the follow error: Error Information Running management agent FIM MA Error Extension-dll-exception Synchronization step Export Flow Retry count 2 Extension name FunctionLibrary.dll Extension Rule Export-flow Extension context <export-flow allows-null="false"><src><attr>displayName</attr></src><dest>dn</dest><scoping></scoping><fn id="+" isCustomExpression="false"><arg>"CN="</arg><arg>displayName</arg><arg>",OU=TestUsers,CN=kiasvan,CN=ca"</arg></fn></export-flow> Destination management agent AD MA Destination object CN=Zuleica Morales Morales,OU=TestUsers,DC=kiasvan,DC=ca Mapping type Direct Data Source attribute dn Stack Trace Info Microsoft.MetadirectoryServices.FunctionEvaluationException: Error encountered during evaluation of Sync Rule: 'AD OUT Users'. Details: The partition filter criteria for management agent "AD" do not include an object with DN "CN=Zuleica Morales Morales,OU=TestUsers,CN=kiasvan,CN=ca" and object classes top, person, organizationalPerson, user. at Microsoft.MetadirectoryServices.FunctionLibrary.AttributeFlowMappingHandler.ExecuteOutboundTransformation(CSEntry csentry, MVEntry mventry, String strSyncRuleGuid, String xmlExpression, String workflowParameterTypes, String workflowParameterValues)
August 20th, 2010 8:48pm

Part2 FIMMA Config Object Types • DetectedRuleEntry • ExpectedRuleEntry • Person • SynchronizationRule Connector Filter Person: Declared Filter Attribute Operator Value 1 AccountName Equals Administrator 2 DisplayName Equals Built-in Synchronization Account Object Type Mappings Data Source Object Type Metaverse Object Type DetectedRuleEntry DetectedRuleEntry ExpectedRuleEntry ExpectedRuleEntry Person Person SynchronizationRule SynchronizationRule Flow Attributes Data Source Attribute Flow Direction Metaverse Attribute Type Flow Nulls dn Export Sync-rule-mapping-expression MVObjectID Export <objectid> Direct AccountName Export accountName Direct DisplayName Export displayName Direct Allow EmployeeID Export employeeID Direct FirstName Export firstName Direct LastName Export lastName Direct MiddleName Export middleName Direct Company Export company Direct Manager Export manager Direct OfficePhone Export officePhone Direct Department Export Department Direct OfficeLocation Export officeLocation Direct RFC Export RFC Direct Address Export Address Direct AD Export AD Direct Domain Export domain Direct ObjectSID Export objectSid Direct <dn> Import csObjectID Direct AccountName Import accountName Direct DisplayName Import displayName Direct EmployeeID Import employeeID Direct FirstName Import firstName Direct LastName Import lastName Direct MiddleName Import middleName Direct Company Import company Direct Manager Import manager Direct OfficePhone Import officePhone Direct ExpectedRuleList Import expectedRuleList Direct Domain Import Domain Direct ObjectSID Import objectSID Direct Department Import Department Direct OfficeLocation Import OfficeLocation Direct RFC Import RFC Direct OU Import ou Direct AD Import AD Direct Deprovisioning • Stage a delete on the object for the next export run HR MA Config No configuration at all Deprovisioning • Make them Disconnectors AD MA Config Object Types • Container • DomainDNS • OrganizationalUnit • User Join and Projection Rules User: Join:yes, Projection:no Mapping Group Action Metaverse Object Type Resolution 1 Join person No extensionAttribute1 Direct employeeID Deprovisioning • Stage a delete on the object for the next export run All of the MA's have the follow RUN Profiles Run Profiles Management Agent Full Import All Full Sync All Delta Import FIM MA and AD MA Delta Sync FIM MA and AD MA Export FIM MA and AD MA
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2010 9:24pm

The problem is here: Microsoft.MetadirectoryServices.FunctionEvaluationException: Error encountered during evaluation of Sync Rule: 'AD OUT Users'. Details: The partition filter criteria for management agent "AD" do not include an object with DN "CN=Zuleica Morales Morales,OU=TestUsers,CN=kiasvan,CN=ca" and object classes top, person, organizationalPerson, user. You have either not imported the partition information on your ADMA yet or your DN is wrong. Are you sure that your DN ends with CN=kiasvan,CN=ca? I would expect something like DC=kiasvan,DC=ca. Cheers, Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
August 20th, 2010 9:39pm

Part 4 WF Config HR WF config General Activities Name Type Run on Policy Update Target Resource to Sync Rule HR WF Action No HR SR AD OUT WF config General Activities Name Type Run on Policy Update Target Resource to Sync Rule AD OUT WF Action No AD OUT SR AD IN WF config General Activities Name Type Run on Policy Update Target Resource to Sync Rule AD OUT WF Action No AD IN SR
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2010 9:52pm

Part 5 Set Config General (Name) Criteria-based Members (Select USER that match ALL of the following condition) AD SET AD is 1
August 20th, 2010 9:54pm

Part 6 MPR Config All the MPR are activated HR MPR config General Requestors and Operations Target Resources Policy WF Name Type Dis Requestor Operation Permissions Before After Attrib Auth AutZ Action HR Request No All people Create, Delete Grant All people All people All No No HR WF AD USR CREATE MPR config General Requestors and Operations Target Resources Policy WF Name Type Dis Requestor Operation Permissions Before After Attrib Auth AutZ Action AD .. Request No All people Create Grant N/A AD SET AD No No AD OUT WF AD USR MODIFY MPR config General Requestors and Operations Target Resources Policy WF Name Type Dis Requestor Operation Permissions Before After Attrib Auth AutZ Action AD .. Request No All people Modify Grant All people All people All No No AD OUT WF AD USR DELETE MPR config General Requestors and Operations Target Resources Policy WF Name Type Dis Requestor Operation Permissions Before After Attrib Auth AutZ Action AD .. Request No All people Delete Grant All people N/A All No No AD OUT WF AD USR IN MPR config General Requestors and Operations Target Resources Policy WF Name Type Dis Requestor Operation Permissions Before After Attrib Auth AutZ Action AD .. Request No All people Create Grant N/A All people All No No AD IN WF
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2010 9:58pm

part 7 Attribute Flow Precedence All the attributes have "Use Equal precedence" Object Deletion Rule Object affected: Person Delete metaverse object when connector from any of the following management agents is disconnected: "HR MA" Notes: All the custom attributes had been add to the follow MPR and filters Administration: Administrators can read and update Users Administrator Filter Permission Non-Administrator Filter Permission
August 20th, 2010 10:00pm

Hi Markus you were right I didnt see that I was sendin a bad value to the dn attribute I´ll already chage it and it works good. Cheers Markus
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2010 10:24pm

Kichitan, I'm glad to hear that it works for you. One last thing :o) - please mark questions as answered - if this is true. While we - as moderators - can do this, we don't really want to... Happy FIMing, Markus Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
August 20th, 2010 11:01pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics